Closed Bug 785141 Opened 12 years ago Closed 12 years ago

Privacy Review Needed for Prospective MozCamp Asia Vendors

Categories

(Privacy Graveyard :: Product Review, task)

Product:
Privacy Graveyard
Component:
Product Review
Platform:
x86
macOS
Type:
task
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: knaszradi, Assigned: smartin)

Details

(Whiteboard: privacy review completed - resolved)

Attachments

(5 files)

e27 questionnaire
150.67 KB, application/pdf
Details
e27 Privacy Policy
29.50 KB, application/msword
Details
World Express Questionnaire
90.72 KB, application/pdf
Details
Red Events Privacy Questionnaire
3.04 MB, application/pdf
Details
World Express Privacy Policy/Agreement
98.19 KB, application/pdf
Details
Attached file e27 questionnaire 
Hi all:

We're hoping to make our decision on which vendor we would like to contract for MozCamp Asia by end of next week. While we are reviewing their proposals, we'd like to get your feedback on the privacy questionnaires they have provided for us. We will also be submitting the final questionnaire on this bug tomorrow (for a total of 3). Please let us know if you have any questions.

Thanks,

Kate
Attached file e27 Privacy Policy 

    
    

    
  


  
Red Events also indicated:
"We currently do not have a company privacy policy set in place as we would usually follow our clients guidelines, we would be happy to adopt Mozilla's privacy policy for this event."

    
    

    
  
Hi! 

I've now attached privacy questionnaires that have been completed from our prospective Asia vendors. We are highly leaning towards choosing e27 based on their experience with similar technology clients and would like to be able to let them know by EOW. Would it be possible to get a review of their questionnaire by tomorrow EOD? It would be much appreciated!

Please let me know if you have any questions.

Thanks,

Kate

    
  
Assignee: nobody → smartin
Whiteboard: under privacy review

    
    

    
  
Hi Kate,

I read through all of the attached documents.  For e27, can you ask them to clarify if/how they would be using Basecamp and Eventbrite for our event?  And if/how they would be using viral sharing for our event?

    
    

    
  
To clarify, my preference is that they don't use either.  Is either needed or requested by us?  Other than that, they look fine to me, as long as they're willing to sign our data addendum.  Their privacy policy isn't very robust, but our contract language should remedy that.

    
    

    
  
Thanks Stacy, I'm emailing them this question now and cc'ing you. Should I provide them with the data addendum now or would this be a part of the contract?

Thanks!

Kate

    
    

    
  
Answers from e27 (Stacy - I've also cc'd you on the email chain):

1) Basecamp is a project management tool we will use internally to manage the project. This allows us to better communicate with the team. This tool will be used for internal staff only, so only the project mangers from e27 and Embrya will access it. At the end of the project, we will delete all materials pertaining to the project. If there is any retained information, we will export it and pass it to you.

2) Eventbrite is a event management and registration program we use. In this case, since Mozilla will be handling registration, we wont be using this registration system. If Mozilla would like us to handle the registration, then we will use Eventbrite. It gives us a secure environment to manage user data and update attendees of the event. At the end of the event, we will be surrendering all the data to Mozilla and will be deleting all the records from the system. e27 will not be retaining any attendee records.

3) There will be no viral sharing for the event since this is a closed event and non-Mozilla members will not be allowed at the event.

    
    

    
  
Thank you, Kate.  It sounds like the security review would cover Basecamp, if it will contain personal info (PII).  If no PII, then no privacy concerns.  With no Eventbrite and no viral sharing, looks fine so long as they sign the data addendum.

    
    

    
  
Great - thanks Stacy!

    
    

    
  
I'm going to close this one out, since the privacy review has been completed.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: under privacy review → privacy review completed - resolved

    
    

    
  
Thanks Stacy!

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: